Bipartisan bill would expand North Carolina ID theft laws

By GARY D. ROBERTSON

Jan. 08, 2018

RALEIGH, N.C. (AP) — With data breaches on the rise affecting millions in North Carolina alone, the Democratic attorney general and a key Republican legislator unveiled a proposal Monday they say will strengthen identify theft laws and give consumers more tools to minimize damage.

Attorney General Josh Stein and Rep. Jason Saine of Lincolnton announced the bill they're authoring, which has the backing of the state AARP and will be filed during the General Assembly's work session in May.

Disclosure of the legislation comes as Stein's office also released a report that said there were over 1,000 breaches in North Carolina in 2017 — an increase of more than 15 percent compared to the previous year — affecting potentially 5.3 million people.

"That's two out of three adults. By definition you've covered the entire waterfront," Stein said at a Legislative Building news conference. "Protecting our people is not a partisan issue. This is about what's doing right for the folks in our state."

The measure, presented in outline form Monday, would require businesses to let Stein's office and affected consumers know of a security breach within 15 days. Stein said current law requires a notice within a reasonable period of time. He cited ride-sharing service Uber, which acknowledged in November that for more than a year it covered up a hacking attack that stole personal information from customers and drivers.

"That is certainly not a reasonable timeframe to let someone know their information has been breached," Saine said.

The definition of security breach would now apply to situations where an electronic assailant locks up personal information and demands a ransom for its release.

The legislation would direct consumers affected by breaches to receive more free credit reports, including five years of credit monitoring from a company such as Equifax if they are hacked. And consumers would have to give permission to a company seeking to obtain their credit score or report and explain the reason for the request.

Doug Dickerson, AARP's state director, said North Carolina's ID theft laws have worked well "but they have to stay further ahead of what the criminals are conceiving." He said older adults — like those AARP represents — are particularly susceptible to electronic attacks because they tend to have better credit and more accounts to their names compared to younger people.

Older adults are "often more valuable to a tech-savvy fraudster," he said.

Stein has been involved with other attorneys general in investigating Equifax's breach and Stein's office said Monday he's now doing the same with investigating Uber.